Benefits of using FileVault vs just a strong password.

[HarryPot]

I've been reading about the benefits of FileVault 2.

But I'm still unsure what the benefits of encryption are if the encryption is just as strong as the password I have for my account.

Supposing right now I use a very strong password, without FileVault 2, no one would be able to read my data unless they know my password.

If I activate FileVault, wouldn't the same be true? What added security do I receive?

 

[chown33]

If I steal your computer or its disk drive, I can easily connect just the hard drive to my computer, disable permissions (it's trivial, and doesn't require your login password), and your super-strong login password suddenly has no value at all. I can read any unencrypted file located anywhere on the disk, even ones stored in your home folder. You may think I can't do this, or that I need to know your login password, but I can definitely do it without that password, and it's simple to demonstrate using any disk drive in an external case.

If I did the above and you have FileVault enabled, then I need to know the FV password before I can see anything at all on your hard disk. That's because the entire HD is encrypted, and without knowing that password, I can't access anything at all on the disk.

 

[Weaselboy]

I've been reading about the benefits of FileVault 2.

But I'm still unsure what the benefits of encryption are if the encryption is just as strong as the password I have for my account.

Supposing right now I use a very strong password, without FileVault 2, no one would be able to read my data unless they know my password.

If I activate FileVault, wouldn't the same be true? What added security do I receive?

In addition to the method chown33 mentioned, it is also ridiculously easy to reset the password in OS X. Just read this for a guide.

If I stole your Mac I would command-r boot to recovery and it takes about 30 seconds to reset the password then I reboot and login to YOUR account with the new password I selected, and I am into all your business!

If you enable Filevault it prevents this. IMO everybody should turn on Filevault as soon as they setup a new Mac. There is a very small hit in disk speeds, but it is not noticeable, particularly on newer Macs.

 

[HarryPot]

Thanks!

Off to try FileVault.

 

[Tumbleweed666]

What happens to previous non encrypted TM backups if I turn on FV ?
TIA.

 

[Weaselboy]

What happens to previous non encrypted TM backups if I turn on FV ?
TIA.

Nothing. TM does not care if you have FV on or not. TM encryption is handled separately and similarly it does not care if you have FV on or not either.

When you run a TM backup the "vault" is open, so TM sees it as just another unencrypted drive volume.

 

[Tumbleweed666]

Nothing. TM does not care if you have FV on or not. TM encryption is handled separately and similarly it does not care if you have FV on or not either.

When you run a TM backup the "vault" is open, so TM sees it as just another unencrypted drive volume.

OK I'm being a bit dim here. Does that mean the TM backup is not encrypted even i FV my main disk?

So to get everything encrypted I switch it on on both disks, is that correct?

 

[Weaselboy]

OK I'm being a bit dim here. Does that mean the TM backup is not encrypted even i FV my main disk?

So to get everything encrypted I switch it on on both disks, is that correct?

You got it... exactly.

You need to go into this screen in TM prefs and check the box.

Think of FV like a letter inside an envelope. FV is like if you locked the sealed envelope. Once you unseal the envelope (enter password in FV) the letter is still sitting there unencrypted inside with no changes to it. FV works the same way, once you login and "open the vault" all the data is just sitting there normally unencrypted. You can back it up, copy it to USB drives, email files to friends etc just like normal.

 

[terryblyth]

Are there any downsides to using FileVault? I'm thinking particularly speed?

If not, I'm surprised more people don't use it.

 

[maflynn]

Are there any downsides to using FileVault? I'm thinking particularly speed?

If not, I'm surprised more people don't use it.

There's a small performance penalty but not much. Encrypting the data in this day and age is a must and I recommend to the OP to consider this along with a strong password.

 

[Tumbleweed666]

Excellent, thanks to all.

So I'm thinking best thing to do is switch on encryption on both disks last thing at night and let it get on with encrypting without any distraction?

And prior to that take a full CCC 'clear' copy onto another disk and hang onto that for a week or two before doing a secure erase on it.

 

[Weaselboy]

Are there any downsides to using FileVault? I'm thinking particularly speed?

If not, I'm surprised more people don't use it.

Like maflynn said, there is avery small read/write speed hit, but it is small. Here is a benchmark.

Excellent, thanks to all.

So I'm thinking best thing to do is switch on encryption on both disks last thing at night and let it get on with encrypting without any distraction?

And prior to that take a full CCC 'clear' copy onto another disk and hang onto that for a week or two before doing a secure erase on it.

When you turn on FV it will reboot and you can see a progress bar as it encrypts. You can fully use the computer while it is doing that if you need to. It does not need to be left alone.

 

[2984839]

Are there any downsides to using FileVault? I'm thinking particularly speed?

If not, I'm surprised more people don't use it.

The slight performance hit is not noticeable. The only other downside might be that you will lose your data on the drive if you forget your password and lose the recovery key (I deliberately don't save the recovery key), but forgetting that password is not likely since you'll use it relatively frequently.

Most people don't use it because they don't take any security precautions beyond the defaults. They either don't know about it, don't care, or don't see how it would help. If it was up to me, FV would be the default on all installs, unless explicitly disabled.